|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] mem_sharing: summarized problems when domain is dying
On Fri, Jan 21, 2011 at 4:19 PM, Jui-Hao Chiang <juihaochiang@xxxxxxxxx> wrote: > (b) hap_nested_page_fault: if we return fail, will this cause problem > to guest? or we can simply return success to cheat the guest. But > later the guest will trigger another page fault if it write the page > again. > (c) gnttab_map_grant_ref: this function specify must_succeed to > gfn_to_mfn_unshare(), which would BUG if unshare() fails. I took a glance around the code this morning, but it seems like: (b) should never happen. If a domain is dying, all of its vcpus should be offline. If I'm wrong and there's a race between d->is_dying set and the vcpus being paused, then the vcpus should just be paused if they get an un-handleable page fault. (c) happens because backend drivers may still be servicing requests (finishing disk I/O, incoming network packets) before being torn down. It should be OK for those to fail if the domain is dying. I'm not sure the exact rationale behind the "cannot fail" flag; but it looks like in grant_table.c, both callers of gfn_to_mfn_unshare() handle the case where the returned p2m entry is just _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |